With the introduction of new Europe wide GDPR NicheCom (the trading name of West Surrey Homes Limited) and its associated companies is committed to ensuring full compliance and confidence to all of their customers.
The General Data Protection Regulations (GDPR) will supersede all existing data protection laws on 25th May 2018. Following the United Kingdoms exit from the European Union, the UK has now been formally adopted ‘adequacy decisions’ which allows the free flow of personal data between the UK and EU/EEA. At present legislation around the use of personal data in the UK remains the same as prior to the UK’s exit from the EU.
NicheCom deal with a large amount of data, specifically data that relates to names and addresses of people marketing their property for sale and this is generally supplied by a third party (i.e. the estate agent). As a technology and service provider, we pride ourselves on being super secure and compliant, to give our customers the utmost confidence in using our products and services within their businesses.
What data is held and where?
When we process a new customer order, we collect a name, email address and telephone number and on occasion an optional company name. On completion of a job for a customer, Nichecom deletes all personal information relating to the address.
This data is distributed to:
• Our Dashboard platform to create orders. Hosted by Amazon in Ireland (see Amazon Web Services & GDPR)
• Our Email server. Hosted by Google (See Google & GDPR)
• Our Newsletter / Email Notifications system. Hosted by Campaign Monitor (See Campaign Monitor & GDPR)
• Internal Spreadsheets (Name and company only)
• Cloud Storage Hosted by Dropbox. (See Dropbox & GDPR)
Who has access to this data?
Data is strictly accessible by NicheCom employees only, specifically for the purposes of supporting the software and satisfying our customers orders.
People who handle customer information within the business fall into 3 categories:
• Field Service Employees – Responsible for visiting a property to fulfill the order (i.e. taking photographs, drawing floorplans, producing and Energy Performance Certificate and any other services that have been ordered).
• Customer Service Employees – Head Office personnel responsible for scheduling orders, liaising with field staff, estate agency clients and property owners/tenants.
• Head Office Employees – Management within the organising who are required to access this data in order to run the business on a day to day basis.
• Dashboard Platform Engineers (see Radweb & GDPR) – Full unrestricted access to databases, servers and accounts with customer information and data for the purposes of maintenance and support
How we are complying with GDPR
• Right to be forgotten – You and your clients may cancel and terminate your Dashboard account at any time. If you terminate your account, you will be offered to permanently erase all of your data. After receiving a request to be forgotten, we will permanently delete your account and all data associated with it within 30 days of receiving the request.
• Right of portability – If requested, we will export your data and your clients data so it can be transferred to a third party.
• Right to object – At any time, you may object (via opt out) to your personal data being used for specific purposes such as direct marketing, research, etc., via your Dashboard Account Profile.
How NicheCom will help you to comply with GDPR
GDPR expands privacy protections and rights to your customers too. NicheCom will help you comply with requests you receive that fall under GDPR regulations and relate to the data given by yourselves so we can undertake the services you have ordered:
• Right to rectification – You can request that we update Client and Contact information at any time. Your contacts can reach out to NicheCom directly and we’ll correct or delete that information for them.
• Right to be forgotten – If you receive a request to be forgotten, you’re able to delete a contact, which permanently removes their information from your account. If your client reaches out to us directly with a valid request, we’ll notify you about the request and delete the contact’s data from your account, or across all NicheCom accounts, if requested, in order to comply with GDPR.
• Right of portability – If your client requests their personal data, you can export or print their data from your browser, which we make available to you via a secure connection.
• Right of access – If your client requests their personal data, you can print their data.
What changes we are making for full compliance
• Our Dashboard Platform – When we have completed the order and the products invoiced the contact(s) information we have on the property will be deleted within 30 days of being invoiced.
• Our Email Notification system – When we receive an Account Signup or a Subscription Signup, we will email the customer a Double Opt-In request to be added to our Newsletter/Mailing List for receiving updates about NicheCom and its associated companies.
• Cloud Storage – When we receive a request to be forgotten, or we are simply no longer using particular records, we will permanently erase that data on all Cloud Storage Drives where that data is stored.
Further information on data protection regulations and laws can be found at https://ico.org.uk/your-data-matters/